A question about stream functionality (rules, permissions)


I have a question about stream functionalities - permissions to be exact.

We have multiple streams set up and they all have messages removed from the “All messages” stream, so there is nothing there at the moment.

I created another stream. I created a reader role that has permissions only for that stream (read and edit). I gave the role to a user etcetc.

Then the user contacted me and said that he sees some odd stuff in his stream after placing rules matching his log data. It seems that you can edit a stream to get whatever data you want (by accident or purposely).

So I tested it and got to see everything there is.

Is this how Graylog is meant to function? If it is, we just have to work around it. I just wanted to make sure if this is the right behaviour.

Graylog versions: 3.2.4
MongoDB vesion: 4.0.12
Elasticsearch version: 6.8.2

Sorry, but I don’t understand the error exactly. You set edit rights, and the user edited the stream. What is the problem?
Please try to give only read rights on the stream and check the editing fuckntion with the user’s permissions.

It’s a obvious behaviour. If you gain user/role edit permission (Allow editing) to stream he can change parameters of stream. So gain only Allow reading if you can user to only read stream.

Just wanted to make sure. :slight_smile: Thanks for the replies. It seems we have to assign someone to edit and create the streams and we can’t give the edit permissions to any regular user.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.